Companies are leaving vulnerabilities unpatched for up to 120 days, leaving them open to untargeted attacks, according to the findings of a new report.
Risk and vulnerability intelligence platform Kenna analyzed 50,000 organizations, 250 million vulnerabilities, and over one billion breach events from January 2014 to September 2015, and found that companies are regularly leaving vulnerabilities open for longer than it takes attackers to exploit them.
One of the main concerns companies have about moving to the cloud is security. Traditional security measures can have gaps that leave systems vulnerable.
To address this, network security specialist Hillstone Networks is launching CloudHive, a cloud security solution that uses micro-segmentation to protect networks beyond the perimeter down to every virtual machine in cloud deployments.
Yesterday, Microsoft's Terry Myerson defended how the company has handled privacy in Windows 10. The level of concern about privacy in Windows 10 is unprecedented -- it even has some torrent sites spooked -- but my colleague Brian feels that Microsoft has, somehow, earned our trust. He is wrong.
Microsoft has broken the trust of many users, and Myerson's post does little to patch things up. In reality, it is an exercise in public relations, spin, and misdirection. It also raises more questions than it answers. In particular, it highlights the obnoxious disregard Microsoft appears to have for home users.
PayPal Here users will be able to use the new PayPal Chip Card Reader to accept payments via Apple Pay and Android Pay, in addition to the more familiar credit and debit card options. The new reader launches in the US on 30 September, before spreading to the UK and Australia further down the line.
The updated card reader features a display to guide users through the process of making a payment, but it is the addition of contactless payment that is the key new feature. The PayPal Chip Card Reader has a price tag of $149, but some people will be able to get hold of it for $49.
In the modern world, information is no longer centralized in a company's data center. Thanks to mobility and the cloud, it has become decentralized, and this makes it difficult to manage, collect and protect corporate data.
To address this, data protection specialist Druva is launching Druva Mobile Forensics for Android. This is a new capability that automatically and transparently collects data from an organization’s Android devices, allowing enterprise IT, information security and legal teams to easily deal with compliance and eDiscovery requests.
With all of the talk about the iPhone 6s and 6s Plus, and the likes of the Samsung Galaxy S6 edge+, it's easy to forget that there are some genuine alternatives out there. One such smartphone is the Blackphone from the privacy-centric Silent Circle. The original Blackphone caused great excitement, and now the Blackphone 2 is available.
This is a phone that has been built from the ground up with security and privacy in mind. While the Blackphone 2 will appeal to anyone who is concerned about privacy, this time around there is a greater push to appeal to businesses and enterprise, including joining Google's Android for Work program. In terms of specs, opting for the most secure handset on the market does not mean making compromises: this phone is a beast.
Based on a survey of almost 14,000 global professionals, the report looks at the differences between men and women in the industry, the current and future outlook for women in the information security field and the unique skills women possess to fill information security positions today and in the future.
Adobe Flash and other programs can be a security problem. There's a reason the company releases regular updates. It's advisable to install them, as it likely means you're vulnerable if you don't. Perhaps the biggest offender is Flash, which powers many things on the web.
Now Adobe is quietly testing a beta version of Flash 19. It is currently a Labs project, but anyone can grab a copy if they'd like to try it out.
There's been a lot of talk lately about ad-blocking thanks to iOS 9. It's a tough call, given that some users don't want to see ads, but the sites they visit wouldn't exist without those ads -- block them and the sites go away, eventually. That makes for quite a conundrum, and Mozilla is trying to sort it out. The Firefox maker refers to it more benignly as "content blocking".
Mozilla hasn't quite figured this all out and it is looking for users to help with the puzzle. The organization isn't interested in what the problem is, but is focusing more on why users choose to do this by utilizing blocking agents.
A longtime reader and good friend of mine sent me a link this week to a CNBC story about the loss of fingerprint records in the Office of Personnel Management hack I have written about before. It’s just one more nail in the coffin of a doltish bureaucracy that -- you know I’m speaking the truth here -- will probably result in those doltish bureaucrats getting even more power, even more data, and ultimately losing those data, too.
So the story says they lost the fingerprint records of 5.6 million people! Game over.
Having to enter a password to unlock your Mac is recommended practice, as it helps keep your private data safe. But it is also annoying, especially if you are the security-conscious type who uses a longer, more complex password. So what can you do to make things easy, without exposing your Mac?
Well, if you have an iPhone or iPad that is equipped with Touch ID, or even an Apple Watch, you should take a look at MacLock. It lets you use your fingerprint to unlock your Mac. Here's how it works.
As the digital world expands with more and more connected 'things' from computers, tablets and smartphones to gaming systems, thermostats, cameras and smart TVs, many people feel less secure.
As a result, consumers are looking for uncomplicated security solutions from their Internet Service Provider (ISP).
The online gambling industry is big business, estimated to be worth over $40 billion this year. But its success makes it a target for extortion and for DDoS attacks.
DDoS can prove particularly harmful for this type of site as around 60 percent of transactions are carried out in real time and are therefore sensitive to latency.
Here’s a plot twist: despite everything that’s been going on with governments spying on other governments and people, despite countries looking to ban encrypted communications apps and generally fighting against encrypted communications, people still trust the government with their data more than private service providers.
Those are the results of a survey conducted by secure Swiss-based data center provider Artmotion. It surveyed more than 1000 citizens in the US, Europe, Russia and Australia.
The Indian government has performed a U-turn on a proposed encryption policy. Draft papers showed that the plan was to require people to store unencrypted versions of any data they have encrypted.
The draft policy was an all-encompassing one, and this led to a vocal backlash from users of social networks and messaging tools. The Indian government was forced to backtrack somewhat, making it clear that social media would be exempt and indicating that there is still a great deal of work to be done on the policy.